Podcast Summary: CyberWire Daily – "Preparing for the Cyber Battlespace" Release Date: May 16, 2025
Introduction
The latest episode of CyberWire Daily, hosted by Dave Bittner and powered by N2K Networks, delves into the evolving landscape of cybersecurity. The episode highlights recent significant events, explores emerging threats, and features an insightful discussion with Chris Cleary, Vice President of ManTech's Global Cyber Practice, on preparing for future cyber battlespaces.
Key Highlights
NATO’s Largest Cyber Defense Exercise: Locked Shields 2025
- Event Overview: NATO's Cooperative Cyber Defense Centre of Excellence hosted Locked Shields 2025 in Tallinn, Estonia, marking the world's largest cyber defense exercise to date.
- Participation: Approximately 4,000 cybersecurity experts from 41 countries engaged remotely, defending over 8,000 systems against numerous cyber attacks.
- Evolution: Originating in 2010 with just four nations, the exercise has expanded to include advanced challenges such as AI-driven narratives and quantum computing scenarios.
- Achievements: Teams from Germany, Singapore, Poland, France, Italy, Slovenia, and the United States emerged as top performers.
- Future Outlook: The 2026 iteration plans to enhance cloud infrastructure and integrate critical special systems to strengthen national defense capabilities.
Timestamp: [00:02]
DOJ Charges in Cryptocurrency Theft Conspiracy
- Case Details: The Department of Justice (DOJ) has indicted twelve individuals in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency.
- Modus Operandi: The perpetrators employed spoofed phone calls and sophisticated social engineering techniques to breach victim accounts, reset two-factor authentication (2FA), and access private keys.
- Notable Theft: A significant incident involved the theft of 4,100 Bitcoin from a Washington, D.C. victim in August of the previous year.
- Money Laundering: The group utilized crypto mixers, exchanges, VPNs, and peel chains to launder the illicit funds into currencies like Monero.
- Outcomes: Despite their laundering efforts, investigators, aided by on-chain investigator ZachXBT and the FBI, traced the stolen funds back to the conspirators.
Timestamp: [00:12]
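The "peel chain" pattern mentioned above is what makes this tracing possible: at each hop the bulk of the funds moves to a fresh address while a small slice is peeled off, often to an exchange deposit address where records can be requested. The following is an added illustration, not code from the episode or the DOJ investigation; it walks a constructed, fee-free transaction list with the usual heuristic (bulk output forwarded, every other output below a small fraction of the total) and totals what was peeled to labelled exchange addresses. All transaction ids, addresses and amounts are made up.

```python
"""Added example: follow a peel chain from a starting address over constructed
transactions and report where the peeled slices went. Fees are ignored."""

# Constructed labels for addresses an analyst has already attributed to exchanges.
EXCHANGE_DEPOSITS = {"exch_dep_1", "exch_dep_2", "exch_dep_3"}

# Constructed transactions: each spends one address and pays a list of (address, amount).
TXS = [
    {"tx": "t1", "from": "theft_out", "outputs": [("chain_a", 98.0), ("exch_dep_1", 2.0)]},
    {"tx": "t2", "from": "chain_a", "outputs": [("chain_b", 95.5), ("exch_dep_2", 2.5)]},
    {"tx": "t3", "from": "chain_b", "outputs": [("chain_c", 93.5), ("exch_dep_1", 2.0)]},
    {"tx": "t4", "from": "chain_c", "outputs": [("chain_d", 90.0), ("exch_dep_3", 3.5)]},
    {"tx": "t5", "from": "chain_d", "outputs": [("final_hold", 90.0)]},
]

# Constructed counter-example: an even split is not a peel.
SPLIT_TXS = [{"tx": "s1", "from": "x", "outputs": [("y", 50.0), ("z", 50.0)]}]


def spends_from(addr, txs):
    """Return the transaction that spends `addr`, or None if it is unspent."""
    return next((t for t in txs if t["from"] == addr), None)


def follow_peel_chain(start, txs, peel_ratio=0.10, max_hops=50):
    """Walk the largest output hop by hop while every other output is a small peel.

    Each hop records the tx, the address the bulk went to, the peeled outputs and
    whether the pattern ended there (unspent bulk, or outputs no longer peel-shaped).
    """
    hops, addr, seen = [], start, set()
    while addr not in seen and len(hops) < max_hops:
        seen.add(addr)  # guard against loops in adversarial graphs
        tx = spends_from(addr, txs)
        if tx is None:
            break
        outs = sorted(tx["outputs"], key=lambda o: o[1], reverse=True)
        (bulk_addr, _bulk_amt), rest = outs[0], outs[1:]
        total = sum(amt for _, amt in outs)
        peels = [(a, amt) for a, amt in rest if amt <= peel_ratio * total]
        if not peels or len(peels) != len(rest):
            # Either a single output or a non-peel split: record and stop.
            hops.append({"tx": tx["tx"], "to": bulk_addr, "peels": [], "end": True})
            break
        hops.append({"tx": tx["tx"], "to": bulk_addr, "peels": peels, "end": False})
        addr = bulk_addr
    return hops


def summarize(hops, exchange_addrs):
    """Aggregate peeled amounts per known exchange address and flag chains of 3+ peel hops."""
    cashout = {}
    for h in hops:
        for a, amt in h["peels"]:
            if a in exchange_addrs:
                cashout[a] = cashout.get(a, 0.0) + amt
    peel_hops = [h for h in hops if h["peels"]]
    return {
        "hops": len(peel_hops),
        "is_peel_chain": len(peel_hops) >= 3,
        "cashout": cashout,
        "terminal": hops[-1]["to"] if hops else None,
    }


if __name__ == "__main__":
    result = summarize(follow_peel_chain("theft_out", TXS), EXCHANGE_DEPOSITS)
    print(result)
```

The exchange-side totals are the investigator's leverage: each labelled deposit is a point where identity records exist, independent of how many fresh addresses the bulk passed through. Real chains add fees, multiple inputs and mixer hops, so the ratio threshold and the "follow the largest output" rule are starting heuristics rather than proof.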
Japan’s Active Cyber Defense Law
- Legislation Overview: Japan has enacted a new Active Cyber Defense Law, marking a strategic shift from its traditionally defensive cyber stance.
- Capabilities Authorized: The law permits preemptive cyber operations to disrupt threats before they inflict harm, aligning Japan's cyber policies more closely with Western nations.
- Scope: It authorizes law enforcement to neutralize hostile servers and grants the Self Defense Forces authority over complex cyber attacks. Additionally, it allows the monitoring of foreign internet traffic entering or transiting through Japan.
- Implications: This move follows an increase in state-sponsored and financially motivated cyberattacks targeting Japan and its allies.
Timestamp: [00:12]
Reauthorization of the Cybersecurity Information Sharing Act (CISA)
- Current Status: U.S. lawmakers from both political parties are advocating for the reauthorization of CISA before its expiration on September 30.
- Importance: CISA is crucial for enabling the sharing of threat intelligence between the government and the private sector, supported by liability and privacy protections.
- Challenges: Reauthorization faces a tight deadline and uncertain leadership support, with privacy concerns being the primary obstacle.
- Support and Opposition: Despite strong backing from DHS Secretary Kristi Noem, debates continue over potential updates and clean reauthorization.
- Expansion Proposal: Subcommittee members are also pushing to broaden security clearance access for more technical professionals, arguing that current restrictions impede effective responses.
Timestamp: [00:12]
TP-Link Router Sales Ban Proposed by U.S. Lawmakers
- Legislation Proposal: Seventeen Republican lawmakers, led by Senator Tom Cotton, are urging a ban on U.S. sales of TP-Link routers due to national security concerns.
- Allegations: The Chinese company, TP-Link, is accused of having ties to the Chinese Communist Party (CCP), employing predatory pricing, and posing surveillance risks.
- Company's Stance: TP-Link denies the allegations, labeling them as baseless and politically motivated, and asserts that it is not state-sponsored and has not been contacted by U.S. regulators.
- Legal Foundation: The proposed ban references Executive Order 13873 (signed by President Donald Trump in May 2019), which empowers the U.S. Secretary of Commerce to block transactions involving ICT services linked to foreign adversaries perceived as national security risks.
Timestamp: [00:12]
Critical Vulnerabilities in Ivanti Endpoint Manager Mobile
- Vulnerability Details: Two major vulnerabilities have been identified in Ivanti Endpoint Manager Mobile and are being actively exploited by threat actors to achieve unauthenticated remote code execution.
- Technical Breakdown: The flaws arise from issues in open-source libraries; when chained, they allow attackers to bypass authentication and inject malicious Java code through improperly validated API inputs.
- Impact: These vulnerabilities enable the installation of malware, data access, or disabling of device management systems.
- Recommendations: Ivanti and global cybersecurity agencies advise immediate patching to fixed versions. In scenarios where updates are unfeasible, implementing temporary mitigations and continuous monitoring is crucial to safeguard against potential exploits.
Timestamp: [00:12]
Emergence of a New Fileless Technique Deploying Remcos RAT
- Attack Methodology: Hackers are employing a novel fileless technique to deploy Remcos RAT malware using a PowerShell-based loader that evades detection by Windows Defender.
- Execution Steps: The attack commences with a malicious ZIP file containing a spoofed LNK shortcut. Upon execution, it triggers an obfuscated script that modifies registry settings for persistence and injects multiple payloads, including REMCOS version 6 Pro.
- Enhancements in Remcos: The updated version features idle time tracking and infected host management capabilities.
- Defense Strategies: Researchers recommend monitoring for suspicious LNK files, misuse of PowerShell, and unexpected registry changes to detect and thwart such threats.
Timestamp: [00:12]
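The three indicators the researchers recommend watching (a shortcut launched out of an archive, PowerShell run with evasion-style switches, and a script host written into a Run key) are strongest when correlated on the same process rather than alerted on separately. The following is an added detection sketch, not code from the episode or the cited research: it scores constructed, Sysmon-like process-creation (id 1) and registry value-set (id 13) events and reports processes that trip two or more rules. The event shape, field names, paths and the encoded command string are all made up for the example.

```python
"""Added example: correlate LNK-from-archive launch, PowerShell misuse and Run-key
persistence over constructed Sysmon-like events and report multi-rule processes."""
import re

# Constructed sample telemetry shaped loosely like Sysmon events; not real logs.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",  # double-clicked shortcut
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "cwd": r"C:\Users\alice\AppData\Local\Temp\Temp1_invoice.zip"},
    {"id": 13, "pid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": "powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"id": 1, "pid": 5210,  # benign admin script, should not fire
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"powershell.exe -File C:\ops\nightly-backup.ps1",
     "cwd": r"C:\ops"},
    {"id": 13, "pid": 6001,  # installer registering a normal tray app
     "image": r"C:\Program Files\VendorApp\setup.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorApp",
     "details": r"C:\Program Files\VendorApp\app.exe /tray"},
]

# PowerShell switches that, in combination, are typical of loaders rather than admins.
SUSPICIOUS_PS_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:enc(?:odedcommand)?|w(?:indowstyle)?\s+hidden|nop(?:rofile)?|"
    r"e(?:p|xecutionpolicy)\s+bypass)\b"
)
# Working directory inside a temp-extracted archive (Explorer's compressed-folder view).
TEMP_ARCHIVE = re.compile(r"(?i)\\appdata\\local\\temp\\.*\.(?:zip|rar|7z)")
RUN_KEYS = ("\\software\\microsoft\\windows\\currentversion\\run",)
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "rundll32", "regsvr32")


def rules_for(ev):
    """Return the names of the detection rules a single event satisfies."""
    hits = []
    if ev["id"] == 1:
        if ev["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
            if len(SUSPICIOUS_PS_FLAGS.findall(ev["cmdline"])) >= 2:
                hits.append("powershell_misuse")
            if (ev["parent_image"].lower().endswith("explorer.exe")
                    and TEMP_ARCHIVE.search(ev.get("cwd", ""))):
                hits.append("lnk_from_archive")
    elif ev["id"] == 13:
        target = ev["target"].lower()
        if (any(k in target for k in RUN_KEYS)
                and any(h in ev["details"].lower() for h in SCRIPT_HOSTS)):
            hits.append("runkey_script_persistence")
    return hits


def triage(events):
    """Group rule hits by pid; a pid with two or more distinct rules is reported."""
    by_pid = {}
    for ev in events:
        for hit in rules_for(ev):
            by_pid.setdefault(ev["pid"], set()).add(hit)
    return {pid: sorted(hits) for pid, hits in by_pid.items() if len(hits) >= 2}


if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(hits)}")
```

The per-pid grouping is what keeps the benign entries quiet: the backup script and the vendor installer each touch only one rule, while the loader process trips all three. In practice the registry event should also be joined to the process that wrote it, which Sysmon records, so the same correlation holds when the persistence write comes from an injected child rather than the original PowerShell instance.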
Retirement of NSA Director of Cybersecurity, Dave Luber
- Career Overview: Dave Luber, the National Security Agency's Director of Cybersecurity, is set to retire at the end of the month after a distinguished 38-year career.
- Professional Journey: Luber's tenure began as a high school work-study participant. He advanced through roles such as Executive Director of U.S. Cyber Command and Director of NSA Colorado.
- Leadership and Legacy: Colleagues lauded his calm and collaborative approach, especially in enhancing intelligence sharing and strengthening public-private partnerships amidst increasing threats like China's Volt Typhoon campaign.
- Endorsements: George Barnes, former NSA Deputy Director, praised Luber as "competent, caring, communicative, and an all-around great leader," emphasizing his enduring impact on national cybersecurity strategies.
Timestamp: [00:12]
Coinbase’s Response to Extortion Attempt
- Incident Overview: Coinbase encountered an extortion attempt in which a group of overseas customer support agents, reportedly based in India, demanded $20 million while threatening to leak user data.
- Company’s Action: Coinbase promptly terminated the involved insiders and initiated remediation efforts estimated between $180 million and $400 million.
- Data Compromised: While no funds or login credentials were stolen, the breach resulted in the exposure of customer information, including emails, masked Social Security numbers, and transaction histories.
- Preventive Measures: Coinbase advised users to remain vigilant against imposters, phishing scams, and fraudulent promises of reimbursement.
- Moral Highlight: The episode underscores that attempting to extort a cryptocurrency giant can lead to significant repercussions, emphasizing that "karma is also decentralized."
Timestamp: [00:12]
In-Depth Discussion: "Preparing for the Cyber Battlespace" with Chris Cleary
Guest: Chris Cleary, Vice President of ManTech's Global Cyber Practice
Moderator: Dave Bittner
Biggest Cyber Threats Facing the U.S. Today
- Current Landscape: Chris Cleary emphasizes the unprecedented visibility and confirmation of advanced cyber threats, citing the Volt Typhoon and Salt Typhoon operations as evidence of adversaries' capabilities to target critical infrastructure.
Quote: “This is not them being in our infrastructure because it's an interesting intelligence problem they're trying to solve. This is pre-positioning to degrade certain functionality of what we do over here.” [13:30]
- Military Philosophy: Cleary discusses the Chinese military's strategic use of cyber capabilities as a first indicator and advantage in potential conflicts, particularly concerning critical infrastructure that supports military operations.
- Urgency in Response: Despite recognizing the threats and available technological solutions, Cleary expresses concern that the U.S. is not advancing swiftly enough to counteract these cyber threats effectively.
Quote: “My concern is we're not moving fast enough.” [13:30]
Shortcomings in Current Cyber Defense Approaches
- Overlap of Capabilities and Solutions: Cleary questions why existing technologies to combat cyber threats haven’t effectively merged with the growing recognition of these threats.
- Terminological Clarity: He stresses the importance of accurately defining what constitutes a cyber "attack" to maintain clarity in response strategies.
Quote: “If we save the word attack for things that met a very specific definition, it would then call into question how we are going to respond to these things.” [15:09]
- Intentionality in Cyber Warfare: Differentiating between criminal activities and state-sponsored attacks, Cleary underscores the necessity of attributing intent correctly to formulate appropriate defensive and offensive strategies.
The Debate Over a Dedicated Cyber Force
- Cyber Command vs. Cyber Service: Cleary touches on the internal debates within the cyber community regarding the establishment of a dedicated cyber force versus integrating cyber operations within existing military structures like Cyber Command and the NSA.
Quote: “Cybercom can have enhanced budget control, but Cybercom can't force the Navy to produce more cyber warfare engineers.” [19:39]
- Operational Challenges: He acknowledges the complexities and potential issues that could arise from creating a separate cyber service, including force generation and budgetary considerations.
Vulnerabilities and Defensive Strategies
- Infrastructure as a Target: Cleary highlights how critical infrastructure supporting military operations, such as power plants and water treatment facilities, is a legitimate military target because of its role in national security.
Quote: “Baltimore Gas and Electric is a legitimate military target because it provides something like 80% of the electricity to the National Security Agency.” [22:11]
- Survivability Over Security: For companies integral to national defense, Cleary advocates for cyber survivability—ensuring that essential operations can continue despite cyber attacks—over traditional cybersecurity measures.
Quote: “If you find yourselves in the crosshairs of a well-resourced, dedicated, sophisticated adversary like China, I wouldn't expect Baltimore Gas and Electric to fully be able to protect itself.” [23:56]
Offensive Cyber Capabilities Informing Defense Strategies
- Offense vs. Defense: Cleary discusses the age-old adage that "offense has the advantage," contrasting it with the defensive challenge where defenders must be perpetually vigilant.
Quote: “The defender has to be right all the time. And you're always going to find some kind of little hole.” [24:49]
- Tool vs. Weapon: He differentiates between using cyber tools for various purposes and weaponizing them, emphasizing that offensive actions require clear intent and distinct definitions to ensure effective defense mechanisms.
- Integration of Non-Kinetic Operations: Cleary envisions a future where cyber operations integrate with other non-kinetic domains such as electronic warfare, information operations, space, AI, and machine learning to enhance overall military effectiveness.
Industry’s Role in Enhancing Cyber Posture
- Mission-Driven Solutions: Representing ManTech, Cleary explains their focus on providing specialized capabilities that support the Department of Defense and intelligence communities, going beyond what typical tech giants offer.
Quote: “When you start moving beyond traditional cybersecurity and moving into cyber survivability and survivor strike or dominance or delivering effects in the community, it's more than a slightly different skill set.” [26:41]
- Collaboration with Government: Cleary highlights the importance of industry-government partnerships in developing bespoke solutions that address specific national security missions and enhance cyber resilience.
- Talent and Future Outlook: He underscores the significance of attracting digital natives and fresh talent to shape the future of cyber warfare, noting that new generations bring essential skills and perspectives to this rapidly evolving domain.
Quote: “New fresh talent could be as relevant, if not more relevant on day one because of the idea of them being digital natives.” [28:33]
Conclusion
The episode of CyberWire Daily meticulously covers critical developments in the cybersecurity realm, from large-scale defense exercises and legislative actions to sophisticated cyberattacks and leadership transitions. The in-depth conversation with Chris Cleary provides valuable insights into the strategic considerations and proactive measures needed to navigate and secure the future cyber battlespace. As cyber threats continue to evolve, the collaboration between government entities and industry leaders remains paramount in fortifying national and global cybersecurity defenses.
Further Listening
- Research Saturday: Dive into the research titled "The Rise of Precision Validated Credential Theft: A New Challenge for Defenders".
- Upcoming Interview: Max Gannon from Cofense Intelligence will discuss evolving threats and defense mechanisms.
Stay Connected
For more detailed stories and updates, visit CyberWire Daily Briefing. Share your feedback and stay informed by subscribing to CyberWire Daily on your preferred podcast platform.
